
New Irish Warrant Case Decision – Again – Points to Need for Congressional Action to Update ECPA

The importance of this week’s decision by the Second Circuit to deny rehearing in Microsoft’s Irish warrant case has less to do with the action in court and more to do with what happens next. Specifically, with what happens in Congress.

Last July, a panel of the Second Circuit held that a warrant issued by US law enforcement under the Stored Communications Act (SCA) does not have extraterritorial application. As Judge Carney notes in her concurrence with this week’s order: “[I]n many ways the SCA has been left behind by technology. It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.”

Laws regarding privacy and law enforcement have always struggled to strike a tricky balance: they must ensure that personal data receives the greatest protection possible while enabling investigators to do their job of keeping the public safe.

Unfortunately, in the digital world, the three-decade-old Electronic Communications Privacy Act (ECPA), which is part of the SCA, does neither effectively.

This is understandable. Remember, when ECPA was enacted more than 30 years ago, our use of technology and cloud computing was dramatically different. Today, we store nearly all of our information in the cloud – emails, pictures, documents, health and financial records – and we expect to be able to access it whenever and wherever we are. Thirty years ago, we did not have the web of globally connected data centers and the software to move our data seamlessly around the world.

Software companies and civil liberties groups have urged Congress for years to update ECPA. The updates that passed the House of Representatives unanimously and had bipartisan sponsors in the Senate last Congress would make much-needed changes to enhance privacy protections that we have long championed. This week’s Second Circuit opinion is an important reminder that Congress must also focus on creating an international framework for accessing data – an issue that has also already received bipartisan, bicameral leadership in Congress.

As judges on the Second Circuit have said repeatedly since oral arguments in the case back in September 2015: the best next step is “congressional action to revise a badly outdated statute.” Our digital privacy laws need an update to protect both our privacy and security.

Author:

Aaron Cooper serves as Senior Vice President, Global Policy. In this role, Cooper leads BSA’s global policy team and contributes to the advancement of BSA members’ policy priorities around the world that affect the development of emerging technologies, including data privacy, cybersecurity, AI regulation, data flows, and digital trade. He testifies before Congress and is a frequent speaker on data governance and other issues important to the software industry.

Cooper previously served as a Chief Counsel for Chairman Patrick Leahy on the US Senate Judiciary Committee, and as Legal Counsel to Senator Paul Sarbanes. Cooper came to BSA from Covington and Burling, where he was of counsel, providing strategic guidance and policy advice on a broad range of technology issues.

Cooper is a graduate of Princeton University and Vanderbilt Law School. He clerked for Judge Gerald Tjoflat on the US Court of Appeals for the Eleventh Circuit.
